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ABSTRACT: 

A system, computer program, and method of providing an automatic cooperative 
response ability to all members of a domain in light of a detected threat or other 
suspicious activity, such as, for example, a virus or denial of service attack, directed, at 
least initially, at less than all members of the domain. The system broadly comprises the 
domain; a log server; a detection server; and a profile server. The domain comprises a 
logical grouping of members having similar risk profiles. The detection server monitors 
and parses log and audit records generated by the members and copied to the log server. 
When the detection server identifies threatening or other suspicious activity it sets an 
alert status in a security profile stored on the profile server. The members periodically 
query the profile server for updates to the alert status and are thereby apprised of the 
alert. 

My interpretation 
log server = proxy loghost 
detection server = central loghost 
profile server = monitoring station 


